Title:
仮想化環境においてネットワークトラフィックを解読するためのシステムおよび方法
Document Type and Number:
Japanese Patent JP6857193
Kind Code:
B2
Abstract:
Described systems and methods enable a decryption of encrypted communication between a client system and a remote party, for applications such as detection and analysis of malicious software, intrusion detection, and surveillance, among others. The client system executes a virtual machine and an introspection engine outside the virtual machine. The introspection engine is configured to identify memory pages whose contents have changed between a first session event (e.g., a ServerHello message) and a second session event (e.g., a ClientFinished message). The respective memory pages are likely to contain encryption key material for the respective communication session. A decryption engine may then attempt to decrypt an encrypted payload of the respective communication session using information derived from the content of the identified memory pages.
Inventors:
Kalasia, Radu
Application Number:
JP2018552231A
Publication Date:
April 14, 2021
Filing Date:
March 29, 2017
Export Citation:
Assignee:
Bit Defender IP Management Limited
International Classes:
H04L9/36; G06F21/56; H04L9/08
Foreign References:
| US20140115702 | ||||
| US20150013008 | ||||
| US20130263263 |
Attorney, Agent or Firm:
Shinjiro Ono
Osamu Yamamoto
Toru Miyamae
Motoharu Nakanishi
Junichi Matsuo
Osamu Yamamoto
Toru Miyamae
Motoharu Nakanishi
Junichi Matsuo